A Buru SFTP user account ties together everything that determines how a person connects to the server and what they can do once connected: how they prove their identity, which files they can see, whether they can open a terminal, and whether they can administer the server via Web Administration. This page gives a method-agnostic tour of those settings; the Web Admin and CLI guides cover the procedures themselves.

User accounts are stored in the server's user database (users.ldb) under the config directory.

Authentication

A user can authenticate with a password, a public key, or both combined into multi-factor authentication. Password authentication is accepted by every protocol (SFTP, SCP, SSH, FTP, FTPS, and Web Administration), while public key authentication is accepted only by SSH-based protocols (SFTP, SCP, SSH).

See Authentication for the complete model, including local vs. Windows password verification, key pair generation, hardware-backed keys, and how the disabled/enabled/required states combine into multi-factor authentication.

File access

Each user sees a virtual filesystem assembled from path mappings — virtual paths that point to physical directories on the server, each with its own read/write/delete flags. A user with a root mapping (/) sees that directory as their home; a user with no root mapping sees an empty root and can only enter explicitly mapped subdirectories below it.

See File Access & Permissions for the complete model, including the access flags (R, W, D, A), inheritance, the overlay limitation, and how Windows authentication and impersonation interact with NTFS permissions.

Web Administration access

A user can additionally be granted access to the Web Administration interface. You can also create Web Admin-only users that have no SFTP or SSH access at all — useful for delegating server administration to someone who should never see user files. Web Admin sign-in always uses a password; public key authentication cannot be used to access Web Administration.

SSH terminal access

When a user connects with an SSH client (rather than SFTP/SCP), the server decides what kind of shell to hand them. The default shell type is set globally in the sshShell section of config.yaml and can be overridden per user:

• none — minimal shell, virtual paths only, SCP enabled.
• terminal — full interactive shell (cmd.exe, PowerShell, …); path mappings do not apply, SCP is unavailable.
• legacy — old-style minimal shell.

Pair terminal mode with Windows authentication and impersonation if you want the shell to run as the connecting user rather than the service account.

Managing users

Buru SFTP offers two ways to manage users — pick whichever fits your workflow:

• Web Administration — browser-based interface.
• Command Line — the burusftp user, burusftp user key, and burusftp path commands.

Both cover the same set of options.